> How about posting the ACL configuration, so we can see what you're
> trying to do there? I suspect that you have an addresslist or
> domainlist which you're constructing using $dkim_cur_signer as an item
> and not accounting for "10.3 File names in lists".
The DKIM ACL is this (for the most part, borrowed from messages on
this list some time ago):
"""
acl_check_dkim:
warn
!dkim_status = invalid
add_header = :at_start:X-DKIM: $dkim_verify_status
accept
dkim_status = none
sender_domains = KNOWN_DKIM_SIGNERS
dkim_signers = KNOWN_DKIM_SIGNERS
condition = ${if
match_domain{$sender_address_domain}{$dkim_cur_signer}}
log_message = Possible DKIM Forgery: Unsigned message from
$sender_address_domain
add_header = :at_start:X-DKIM: Exim $version_number on
$primary_hostname (no dkim signature for required
domain:$dkim_cur_signer)
accept
dkim_status = none
!sender_domains = KNOWN_DKIM_SIGNERS
!dkim_signers = KNOWN_DKIM_SIGNERS
add_header = :at_start:X-DKIM: Exim $version_number on
$primary_hostname (no dkim signature for $dkim_cur_signer)
accept
dkim_status = pass : invalid
add_header = :at_start:Authentication-Results:
$primary_hostname; dkim=$dkim_verify_status;
signing_identity="$dkim_cur_signer"; reason="$dkim_verify_reason"
accept
dkim_status = fail
condition = ${if eq{$dkim_key_testing}{1}{no}{yes}}
log_message = DKIM Failure: $dkim_verify_reason
add_header = :at_start:X-DKIM-Failure: $dkim_verify_reason
accept
"""
So that would mean the problem is with "${if
match_domain{$sender_address_domain}{$dkim_cur_signer}}" then? If I
reversed this to "${if
match_domain{$dkim_cur_signer}{$sender_address_domain}}" would that
then be correct? i.e. only the second item is treated as a list, so a
leading slash in the first has no effect?
Thanks,
Tony
